PT-2007-1220 · Pop2Owa · Pop2Owa
Carlos Garces
·
Published
2007-01-17
·
Updated
2011-03-08
·
CVE-2006-6940
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
pop2owa version 1.1.3
Description:
The issue is related to a buffer overflow in the ParseHeader function in clsOWA.cls, which can be exploited by remote attackers to execute arbitrary code. This is achieved by sending an e-mail message with a long header.
Recommendations:
For pop2owa version 1.1.3, consider applying a patch or fix to address the buffer overflow issue in the ParseHeader function. As a temporary workaround, restrict the length of headers in incoming e-mail messages to prevent exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Pop2Owa